Configuring Azure for Using Modern Authentication with Carbonite Safe Server Backup

Summary:

Starting with Carbonite Safe Server Backup 6.8.1 we will support modern authentication with Exchange Online. There are additional steps required to ensure modern authentication will function properly with CSSB. This article explains the procedure for registering Exchange Online in the Azure portal and setting up proper Azure App credentials for use with CSSB.

Solution:

Register the Azure app for Exchange Online in the Azure portal

1. Log on to the Azure portal (https://portal.azure.com/) using your global admin user account.
2. Go to Azure Active Directory.
3. In the navigation pane, click App registrations.
   
   
4. In the App registrations page, Click New registration.
5. In the Register an application screen, in the Name box, type a name for the app, preferably "CSSB-<System-Name>".
6. Under Supported account types, select Accounts in this organizational directory only (Single tenant).
7. Click Register.
8. You will need to copy and enter these values in CSSB while configuring modern authentication.
   1. Application (client) ID
   2. Directory (tenant) ID

Request and grant permissions to Azure APIs for the Azure app for Exchange Online

1. In the navigation pane, click API permissions.
   
   
2. Click Add a permission.
3. In the Request API permissions pane, click APIs my organization uses, and then complete the following steps:
   1. In the search bar, enter Office 365 Exchange Online.
   2. Select Office 365 Exchange Online, and then click Application permissions.
   3. Select full_access_as_app.
      
      
   4. Click Add permissions.
4. On the app API permissions page, click Grant admin consent for <tenant-name>.
5. Click Yes.

Create a client secret for the Azure app for Exchange Online

1. In the navigation pane, click Certificates & secrets.
   
   
2. Click New client secret.
3. Enter a description, and then select the maximum value.
4. Click Add.
5. You will need to copy the string under the Value column and enter it in CSSB while configuring modern authentication. Client secret values can only be viewed immediately after creation. Be sure to copy and save the secret before leaving the page.

Application information can be used for multiple Exchange online backup sets. In case a client secret hasn't been saved and has become obfuscated, create another client secret, and update/enter on CSSB.

Create/ Edit Exchange Online Backup set to configure Modern Authentication

Information about the Azure app created in the previous step needs to be entered in CSSB client while creating a new Exchange Online backup set. Existing backup sets can also be configured with Modern Authentication by editing a backup set and entering Azure app details into the form presented. This one-time process will need to be done for all existing Exchange Online backup sets.

Create

• Click Add New Backup Set on Dashboard page, select Exchange Online for Office 365 and click Continue{}

Edit

• Click on an existing Microsoft Office 365 Exchange backup set on Dashboard page, and click Edit Backup Set

The following dialog will show up if Modern Authentication is not configured for a backup set:

Fill in information about the Azure app in form that shows up in the right pane of the backup set creation/ editing page and click Enter:

If all entered information is correct, all mailboxes should show up for selection in a short while, and the modern authentication process is complete. The rest of the process is the same and should continue as expected.

Related Articles: